Chapter 24 - Systems Security


Chapter 27: System Security
Dr. Wayne Summers
Department of Computer Science
Columbus State University
[email protected]
http://csc.colstate.edu/summers
Comparison of Web Server (in DMZ) and Development Systems (internal)
• Policy
• Networks
• Users
• Authentication
• Processes
• Files
Policy for Web Server System in DMZ
1. All incoming Web connections and replies go through the outer firewall
2. All users log in from an internal trusted server running SSH. Web pages not updated locally, but downloaded through SSH tunnel
3. Log messages transmitted to DMZ log server only
4. Web server may query DMZ DNS for IP addresses
5. No other network services provided
6. Web server runs CGI scripts
7. Web server must implement services correctly & restrict access to services
8. Public key of principal who will decipher and process transaction data resides on DMZ Web server
Policy for Development System
1. Only authorized users are allowed to use the devnet systems. All actions / system accesses tied to individual user
2. Workstation sysadmins must be able to access workstations at all times
3. Users on devnet are trusted not to attack devnet systems, other users not trusted
4. All network communications (except email) are confidential and are checked for alteration
5. Base standard configuration cannot be changed
6. Sysadmin must be able to restore system from backup with at most one day’s loss
7. Security officers must perform periodic and ongoing audits of devnet systems
Networks
• Web Server System in the DMZ
  – External users can reach system only by using Web services connecting through outer firewall
  – Internal users can reach system only by using SSH from trusted admin system
  – All attempts to connect must be monitored
  – Server will not accept requests from other DMZ systems
  – Server requires both host and user to be authenticated (via SSH server)
  – Only web & SSH servers running; all attempts to connect to other ports are logged
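The last point on this slide (only the web and SSH servers run, and every attempt to reach another port is logged) is only useful if someone reads those logs. The following is an added example, not part of the lecture slides: a small audit over firewall log lines in the netfilter/iptables LOG format that lists every connection attempt whose destination port is not one the DMZ web server is supposed to serve. The log lines and the addresses in them are constructed sample data; the allowed port list (22, 80, 443) is an assumption matching "web & SSH servers only".

```shell
# Added example (not from the slides): flag connection attempts to ports the
# DMZ web server is not supposed to serve. Input lines follow the netfilter
# LOG target format ("SRC=... DST=... PROTO=TCP SPT=... DPT=..."); the sample
# lines below are constructed.

ALLOWED_PORTS="22 80 443"   # assumed: SSH plus HTTP/HTTPS only

# unexpected_port_attempts LOGFILE ALLOWED_PORTS
# Prints "<source ip> -> <destination port>" for each attempt on a port that
# is not in the space-separated allow-list.
unexpected_port_attempts() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /DPT=/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dpt != "" && !(dpt in ok)) print src " -> " dpt
        }' "$1"
}

# count_unexpected LOGFILE ALLOWED_PORTS -> number of flagged attempts
count_unexpected() {
    unexpected_port_attempts "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample log: two legitimate web hits, one SSH login from the
# internal admin host, and two probes (telnet, MySQL) that policy says must be
# logged and noticed.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 dmzweb kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=51012 DPT=80 SYN
Mar  1 10:00:02 dmzweb kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=51013 DPT=443 SYN
Mar  1 10:00:05 dmzweb kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=23 SYN
Mar  1 10:00:06 dmzweb kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  1 10:00:09 dmzweb kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 PROTO=TCP SPT=40003 DPT=3306 SYN
EOF

unexpected_port_attempts "$SAMPLE_LOG" "$ALLOWED_PORTS"
```

Run against the sample it prints the two probes (`198.51.100.9 -> 23` and `198.51.100.9 -> 3306`); pointing it at the DMZ log server's copy of the firewall log, rather than the web server's own log, matches the policy item that log messages go to the DMZ log server only.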
Networks
• Development System
  – Only accept authenticated and encrypted user connections (SSH server)
  – Runs print spooler, logging server, access to file server and user database system
  – No ftp/web servers
  – Simple SMTP server for convenience with mail kept remotely
  – Uses access control wrappers
  – Systems scanned by sysadmin for vulnerabilities
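"Access control wrappers" on this slide refers to the TCP Wrappers style of per-daemon host filtering, which decides from `/etc/hosts.allow` and `/etc/hosts.deny` whether a client may talk to a service. The block below is an added example, not part of the slides or of any real tcpd release: it models the lookup order (allow file first, then deny file, otherwise permit) on two constructed files, and it supports only a subset of the real syntax (`ALL`, exact names, and dotted IP prefixes ending in a period). The daemon names and the 10.1.0.0/16 devnet range are assumptions.

```shell
# Added example (not from the slides): a simplified model of the TCP Wrappers
# decision. The two files are constructed stand-ins for /etc/hosts.allow and
# /etc/hosts.deny; the matcher handles ALL, exact names and IP prefixes only.

WORK=$(mktemp -d)
cat > "$WORK/hosts.allow" <<'EOF'
# daemon_list : client_list
sshd : 10.1.      # developer workstations on devnet (assumed range)
lpd  : 10.1.      # print spooler reachable from devnet hosts only
EOF
cat > "$WORK/hosts.deny" <<'EOF'
ALL : ALL         # default deny for everything not explicitly allowed
EOF

# match_rule FILE DAEMON CLIENT -> exit 0 if some rule in FILE matches the pair
match_rule() {
    awk -v d="$2" -v c="$3" '
        { sub(/#.*/, "") }               # strip comments
        /^[ \t]*$/ { next }              # skip blank lines
        {
            split($0, parts, ":")
            gsub(/[ \t]/, "", parts[1]); gsub(/[ \t]/, "", parts[2])
            dl = parts[1]; cl = parts[2]
            dmatch = (dl == "ALL" || dl == d)
            if (cl == "ALL") cmatch = 1
            else if (cl ~ /\.$/) cmatch = (index(c, cl) == 1)   # prefix like "10.1."
            else cmatch = (cl == c)
            if (dmatch && cmatch) { found = 1; exit }
        }
        END { if (found) exit 0; exit 1 }' "$1"
}

# wrapper_decision DAEMON CLIENT -> prints ALLOW or DENY, returns 0 or 1.
# Same precedence as tcpd: a hosts.allow match grants, then a hosts.deny
# match refuses, and a pair matched by neither file is granted.
wrapper_decision() {
    if match_rule "$WORK/hosts.allow" "$1" "$2"; then echo ALLOW; return 0; fi
    if match_rule "$WORK/hosts.deny"  "$1" "$2"; then echo DENY;  return 1; fi
    echo ALLOW; return 0
}

wrapper_decision sshd 10.1.4.20      # devnet workstation -> ALLOW
wrapper_decision sshd 192.0.2.15     # outside the range   -> DENY
wrapper_decision in.ftpd 10.1.4.20   # no ftp policy line  -> DENY (by ALL : ALL)
```

The third call shows why the `ALL : ALL` line in the deny file matters: without it a service that nobody wrote a rule for would be reachable from anywhere, which contradicts the "no ftp/web servers" point on the slide.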
Users
• Web Server System in the DMZ
  – Two users & one sysadmin
    • One user – read/serve Web pages & write to Web server transaction area
    • Second user – move files from Web transaction area to commerce transaction area
  – Minimize # of accounts vs. minimize privileges of accounts
  – Sysadmin cannot log in directly, except from console as root
Users
• Development System
  – One user account per developer
  – Administrative account
  – Groups based on projects
  – Use consistent naming between development systems (use central repository - NIS)
  – Each developer workstation must have local root account and local account for sysadmin
  – Special accounts, e.g. mail, daemon
  – Development system not accessible by Internet users
Authentication
• Web Server System in the DMZ
  – SSH server only allows connections from trusted hosts and requires cryptographic authentication
  – Web Server uses MD5-based password hashing
• Development System
  – Physically secure site
  – Passwords (with aging)
  – Use SSH for remote access
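The SSH requirements for the DMZ web server (connections only from the trusted admin host, cryptographic rather than password authentication, and, from the Users slide, no direct root login) map onto a handful of `sshd_config` directives. The following is an added example, not from the slides: an audit function that reads an `sshd_config` and reports every directive that violates those requirements. The two configuration files are constructed samples, and `admin.internal.example` is an assumed name for the trusted admin host.

```shell
# Added example (not from the slides): audit an sshd_config against the
# slide's SSH requirements for the DMZ web server. Config texts are
# constructed; "admin.internal.example" is an assumed trusted host name.

# setting FILE KEYWORD -> prints the effective (last) value of KEYWORD,
# ignoring comment lines; sshd keywords are case-insensitive.
setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        { k = tolower($1); if (k == key) val = $2 }
        END { print val }' "$1"
}

# audit_sshd_config FILE TRUSTED_HOST -> 0 if compliant, 1 otherwise.
# Every violation is printed so the operator sees the whole list at once.
# Directives must be explicit: a missing PubkeyAuthentication line fails the
# audit even though sshd defaults it to yes.
audit_sshd_config() {
    cfg="$1"; trusted="$2"; rc=0
    [ "$(setting "$cfg" PasswordAuthentication)" = "no" ] || { echo "FAIL: PasswordAuthentication must be no"; rc=1; }
    [ "$(setting "$cfg" PubkeyAuthentication)" = "yes" ]  || { echo "FAIL: PubkeyAuthentication must be yes"; rc=1; }
    [ "$(setting "$cfg" PermitRootLogin)" = "no" ]        || { echo "FAIL: PermitRootLogin must be no"; rc=1; }
    # Every AllowUsers entry must be pinned to the trusted host (user@host),
    # so both the host and the user are authenticated, as the Networks slide
    # requires.
    if ! awk -v h="$trusted" '
            /^[ \t]*#/ { next }
            tolower($1) == "allowusers" {
                seen = 1
                for (i = 2; i <= NF; i++) {
                    n = split($i, u, "@")
                    if (n != 2 || u[2] != h) bad = 1
                }
            }
            END { if (seen && !bad) exit 0; exit 1 }' "$cfg"; then
        echo "FAIL: AllowUsers must list only user@$trusted"; rc=1
    fi
    return $rc
}

GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
# constructed: what the DMZ web server's sshd_config should look like
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers webmaster@admin.internal.example mover@admin.internal.example
EOF
cat > "$BAD" <<'EOF'
# constructed: a default-style install that violates the policy
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers webmaster
EOF

audit_sshd_config "$GOOD" admin.internal.example && echo "good config: compliant"
audit_sshd_config "$BAD" admin.internal.example || echo "bad config: non-compliant"
```

The two `AllowUsers` entries correspond to the two accounts on the Users slide (one that serves pages and writes the transaction area, one that moves files to the commerce area); pinning each to `@admin.internal.example` is what enforces "internal users can reach system only by using SSH from trusted admin system" at the SSH layer, in addition to whatever the firewall does.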
Processes
• Web Server System in the DMZ
  – Run a minimum set of processes
    • Web server
    • Commerce server
    • SSH server
    • Login server
    • OS services
  – Interprocess communications only through well-defined communication channels
• Development System
  – Servers run with fewest privileges necessary to perform tasks
  – Processes must be logged
Files
• Web Server System in the DMZ
  – System programs & configuration files – static (keep on CD)
  – CGI programs – keep on CD
  – Web server files kept in separate partition shielded from commerce server
• Development System
  – Use CD to boot and install system and configuration
  – Forward log messages to separate log server
  – Keep developers’ files on separate file server
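Keeping system programs and configuration on read-only media (this slide) and the development policy that the base configuration cannot be changed both rest on the same idea: the static files have a known-good state, and any drift from it is an incident. The block below is an added example, not from the slides: it records a checksum baseline for a directory of static files, then detects a file that was modified afterwards. The files are constructed in a temporary directory; `cksum` is used because it is in POSIX, though `sha256sum` is the stronger choice where it is available, since a CRC is not collision resistant against a deliberate edit.

```shell
# Added example (not from the slides): baseline-and-compare integrity check
# for files that policy says must stay static. Files are constructed in a
# temp directory; cksum is POSIX, sha256sum is preferable where available.

STATIC_DIR=$(mktemp -d)
BASELINE="$STATIC_DIR.baseline"

# constructed stand-ins for static configuration files
mkdir -p "$STATIC_DIR/etc"
printf 'ServerName dmzweb\nListen 80\n' > "$STATIC_DIR/etc/httpd.conf"
printf 'PermitRootLogin no\n'           > "$STATIC_DIR/etc/sshd_config"

# take_baseline DIR OUT -> writes "checksum size path" for every regular file,
# in sorted order so that two baselines of the same tree are byte-identical
take_baseline() {
    ( cd "$1" && find . -type f | sort | xargs cksum ) > "$2"
}

# check_baseline DIR BASELINE -> 0 if nothing changed; otherwise prints each
# modified, added or removed path and returns 1
check_baseline() {
    current=$(mktemp)
    take_baseline "$1" "$current"
    # diff lines start with "<" or ">"; the path is the fourth field
    changed=$(diff "$2" "$current" | awk '/^[<>]/ { print $4 }' | sort -u)
    rm -f "$current"
    if [ -n "$changed" ]; then
        printf 'MODIFIED: %s\n' $changed
        return 1
    fi
    return 0
}

take_baseline "$STATIC_DIR" "$BASELINE"
check_baseline "$STATIC_DIR" "$BASELINE" && echo "baseline OK"

# simulate tampering with a file that policy says must stay static
printf 'PermitRootLogin yes\n' > "$STATIC_DIR/etc/sshd_config"
check_baseline "$STATIC_DIR" "$BASELINE" || echo "integrity violation detected"
```

In a real deployment the baseline file itself has to live where the monitored system cannot rewrite it (on the CD alongside the files, or on the separate log server this slide mentions), otherwise whoever changes a configuration file can re-baseline it too.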